The Perfect Storm – What We Have Learned From The Last Few Months Since The COVID-19 Lockdown

In the last couple of months, all the top cybersecurity law enforcement agencies around the globe have been busy trying to keep everyone safe from cybercriminals. As the COVID-19 pandemic forced many businesses to move their employees to working from home, hackers found plenty of security flaws to exploit against those remote workers. Dytrix is providing this information to show you that the threats are real and getting worse. We are monitoring these threats closely and will keep you up to date through our newsletter.

#WASHYOURCYBERHANDS 

Earlier this month INTERPOL launched its #WASHYOURCYBERHANDS campaign to raise awareness of the ongoing problem of cybercriminals taking advantage of people who are careless or unaware of the hazards waiting for them online. The campaign is a response to the rapidly changing cybercrime landscape during the COVID-19 pandemic. The global law enforcement and cybersecurity communities united to form an alliance to help protect the public from these criminals. Analysis of the data has confirmed that cybercriminals are taking advantage of the anxiety caused by COVID-19 through various cyberattacks such as data-harvesting malware, ransomware, online scams, and phishing. The campaign will focus on social media outreach, highlighting the top threats that INTERPOL has identified based on the data collected from its member countries, private industry partners, national cybersecurity agencies, and online information-sharing groups.

CISA & FBI TOP 10 VULNERABILITIES

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government have released information to help businesses protect themselves from threats that can cause them major losses. Below are the top 10 vulnerabilities from 2016 through 2019, followed by the most recent vulnerabilities discovered during the COVID-19 pandemic. The following is taken directly from the article:

Top 10 Most Exploited Vulnerabilities 2016–2019

U.S. Government reporting has identified the top 10 most exploited vulnerabilities by state, nonstate, and unattributed cyber actors from 2016 to 2019 as follows: CVE-2017-11882, CVE-2017-0199, CVE-2017-5638, CVE-2012-0158, CVE-2019-0604, CVE-2017-0143, CVE-2018-4878, CVE-2017-8759, CVE-2015-1641, and CVE-2018-7600.

  • According to U.S. Government technical analysis, malicious cyber actors most often exploited vulnerabilities in Microsoft’s Object Linking and Embedding (OLE) technology. OLE allows documents to contain embedded content from other applications such as spreadsheets. After OLE the second-most-reported vulnerable technology was a widespread Web framework known as Apache Struts.
  • Of the top 10, the three vulnerabilities used most frequently across state-sponsored cyber actors from China, Iran, North Korea, and Russia are CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158. All three of these vulnerabilities are related to Microsoft’s OLE technology.
  • As of December 2019, Chinese state cyber actors were frequently exploiting the same vulnerability—CVE-2012-0158—that the U.S. Government publicly assessed in 2015 was the most used in their cyber operations.[2] This trend suggests that organizations have not yet widely implemented patches for this vulnerability and that Chinese state cyber actors may continue to incorporate dated flaws into their operational tradecraft as long as they remain effective.
  • Deploying patches often requires IT security professionals to balance the need to mitigate vulnerabilities with the need for keeping systems running and ensuring installed patches are compatible with other software. This can require a significant investment of effort, particularly when mitigating multiple flaws at the same time.
  • A U.S. industry study released in early 2019 similarly discovered that the flaws malicious cyber actors exploited the most consistently were in Microsoft and Adobe Flash products, probably because of the widespread use of these technologies.[3]  Four of the industry study’s top 10 most exploited flaws also appear on this Alert’s list, highlighting how U.S. Government and private-sector data sources may complement each other to enhance security.

Vulnerabilities Exploited in 2020

In addition to the top 10 vulnerabilities from 2016 to 2019 listed above, the U.S. Government has reported that the following vulnerabilities are being routinely exploited by sophisticated foreign cyber actors in 2020:

  • Malicious cyber actors are increasingly targeting unpatched Virtual Private Network vulnerabilities.
    • An arbitrary code execution vulnerability in Citrix VPN appliances, known as CVE-2019-19781, has been detected in exploits in the wild.
    • An arbitrary file reading vulnerability in Pulse Secure VPN servers, known as CVE-2019-11510, continues to be an attractive target for malicious actors.
  • March 2020 brought an abrupt shift to work-from-home that necessitated, for many organizations, rapid deployment of cloud collaboration services, such as Microsoft Office 365 (O365). Malicious cyber actors are targeting organizations whose hasty deployment of Microsoft O365 may have led to oversights in security configurations and vulnerable to attack.
  • Cybersecurity weaknesses—such as poor employee education on social engineering attacks and a lack of system recovery and contingency plans—have continued to make organizations susceptible to ransomware attacks in 2020.

End of Life Software

CISA, FBI, and the broader U.S. Government recommend that organizations transition away from any end-of-life software. Such software carries the largest risk of being hacked and should be uninstalled when possible.

 
